Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)
Secure Fabric OS Administrator’s Guide 49
53-1000244-02
3
Table 9 displays the possible Management Server policy states.
To create a Management Server policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “MS_POLICY”, “member;...;member”.
member is a device WWN.
3. To save or activate the new policy, enter either secPolicySave or secPolicyActivate.
If neither of these commands is entered, the changes are lost when the session is logged out.
For more information about these commands, see “Saving Changes to Secure Fabric OS
Policies” on page 56 and “Activating Changes to Secure Fabric OS Policies” on page 56.
For example, to create an MS_POLICY that allows access through a device that has a WWN of
12:24:45:10:0a:67:00:40:
primaryfcs:admin> secpolicycreate "MS_POLICY", "12:24:45:10:0a:67:00:40"
MS_POLICY has been created.
Serial Port Policy
The Serial Port policy can be used to restrict which switches can be accessed by serial port. The
policy is named SERIAL_POLICY and contains a list of switch WWNs, domain IDs, or switch names
for which serial port access is enabled.
The Serial Port policy is checked before the account login is accepted. If the Serial Port policy exists
and the switch is not included in the policy, the session is terminated. Table 10 displays the
possible serial port policy states.
To create a Serial Port policy
1. From a sectelnet or SSH session, log in to the primary FCS switch as admin.
2. Type secPolicyCreate “SERIAL_POLICY”, “member;...;member”.
member is a switch WWN, domain ID, or switch name. If a domain ID or switch name is used to
specify a switch, the associated switch must be present in the fabric for the command to
succeed.
3. To save or activate the new policy, enter either secPolicySave or secPolicyActivate.
TABLE 9 Management Server Policy States
Policy State Characteristics
No policy All devices can access the management server.
Policy with no entries No devices can access the management server.
Policy with entries Specified devices can access the management server.
TABLE 10 Serial Port Policy States
Policy State Characteristics
No policy All serial ports of the switches in the fabric are enabled.
Policy with no entries All serial ports of the switches in the fabric are disabled.
Policy with entries Only specified switches can be accessed through the serial ports.